CISP Cardholder Information Security Program

The Cardholder Information Security Program (CISP) was a program established by Visa USA to ensure the security of cardholder information as it is being processed and stored by merchants and service providers.

CISP has since been superseded by the PCI Data Security Standard, a multi-vendor initiative to tackle Payment Card Industry security issues.

CISP Overview
When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. That’s why Visa Inc. instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, CISP is intended to protect Visa cardholder data–wherever it resides–ensuring that members, merchants, and service providers maintain the highest information security standard.

In 2004, the CISP requirements were incorporated into an industry standard known as Payment Card Industry (PCI) Data Security Standard (DSS) resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements. Effective September 7, 2006, the PCI Security Standards Council (SSC) owns, maintains and distributes the PCI DSS and all its supporting documents. Visa, however, continues to manage all data security compliance enforcement and validation initiatives.